100% of the people who use BlueQuartz are 50% of the way to hacking your
system! (Yikes.) How? They know your "admin" and "root" accounts
exist. So, how does one overcome this?
Now, this is NOT foolproof by any means. It will aid you, though, in
securing your system!!!
**** NOTICE ****
I did this on a TEST system. Highly controlled environment (VMware).
Please follow each and every step line by line. It "should" work for
you without any issues. If the "worst case scenario" happens, you can
single-boot your system, undo the changes, and be back up and running.
Most importantly! MAKE BACKUPS. That is going to be the FIRST part
in this little how-to. If you don't, and you mess it up, I am sorry!!
**** NOTICE ****
0 - MAKE BACKUPS.
mkdir /my-system-backup-file
cp /etc/passwd /my-system-backup-file
cp /etc/shadow /my-system-backup-file
cp /etc/ssh/sshd_config /my-system-backup-file
1 - Log in as "admin" and create a new "Server Administrator". Give it
a good name, something NOT in a dictionary. For example purposes, I
named mine "master_trader" (not really, but it sounds stupid).
2 - Give him "full" access to your box, meaning, select ALL
permissions.
3 - Give him a good, hard-to-guess password. Alphanumeric, with
special characters, around 10 characters long.
4 - Give him a test. Make sure that you can log in to the system.
5 - Let's give him more "GOD"-like powers.
cd /usr/sausalito/codb/objects/
grep -rl "master_trader" .
(This is the "search" step: it lists the object files that mention the
new user.)
Look for a file called ".fullName" (that is, a dot followed by fullName).
Change into that subdirectory.
Create a new file called ".systemAdministrator" and put a "1" in it. To
make life easier, copy & paste the next line:
echo "1" > .systemAdministrator
6 - Let's modify the Server Admin page so that our new "admin" user can
access it.
pico /usr/sausalito/ui/web/base/vsite/adminList.php
Near the "top", locate the following code and change "admin" to
your new user name:
// Only admin should be here
if ($loginName != "admin") {
    header("location: /error/forbidden.html");
    return;
}
7 - Let's "disable" the following users: root, admin, root-admin.
Change their "shell" from "/bin/bash" to "/bin/false".
usermod -s /bin/false root
usermod -s /bin/false root-admin
usermod -s /bin/false admin
Now disable their accounts as well.
Edit the "/etc/shadow" file and, on each of those three users' lines,
replace the password hash (the field between the 1st and 2nd colon)
with a single "*".
The users "root, root-admin, admin" can NO longer log in to your
system, BUT all applications still run.
8 - Optional, but I recommend it.
Since the new user you created is stored in the PAM database, and we
have seen it has the ability to get corrupted, I would recommend
changing SSH to allow "root" to log in. NOW, since we technically do
NOT have a user called "root", but a user called "root-master_trader",
it will be a BIT (not entirely) safer.
pico /etc/ssh/sshd_config
Search for: "PermitRootLogin no"
Change to "PermitRootLogin yes"
Save and restart SSH:
/etc/rc.d/init.d/sshd restart
Now, try to log in as that user. It should work now, without any
issues. This will help, should your PAM database ever get corrupted.
You can still log in to your system and recover without any issues!!
9 - Optional, BUT, I do recommend it.
Now, even though "hopefully" NO ONE should guess your new user name, I
hate the "root-" in front of it. So, I would recommend changing it.
IT can NOT be the same as "master_trader", so think of a 2nd
secure name. Make sure it is hard to guess!!!
usermod -l NEWUSERNAMEHERE root-master_trader
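After running through steps 7 and 8, it is worth re-checking that the old accounts really ended up in the state described (shell /bin/false, "*" in the shadow password field) and what PermitRootLogin is now set to. The audit script below is an added example, not part of this how-to or of BlueQuartz; it takes the file paths as arguments (so it also works on the step 0 backups) and ships with constructed sample passwd/shadow/sshd_config files so it runs stand-alone.

```shell
#!/bin/sh
# Added audit script (not from the original how-to). Re-checks the result
# of steps 7 and 8 against copies of /etc/passwd, /etc/shadow and sshd_config.

# account_disabled PASSWD SHADOW USER
# Returns 0 only if USER has shell /bin/false in PASSWD and a "*" password
# field in SHADOW, i.e. the state step 7 leaves root/admin/root-admin in.
account_disabled() {
  _shell=$(awk -F: -v u="$3" '$1 == u { print $7 }' "$1")
  _hash=$(awk -F: -v u="$3" '$1 == u { print $2 }' "$2")
  _rc=0
  [ -n "$_shell" ] || { echo "$3: not present in $1"; return 1; }
  [ "$_shell" = "/bin/false" ] || { echo "$3: shell is '$_shell', expected /bin/false"; _rc=1; }
  [ "$_hash" = "*" ] || { echo "$3: shadow password field is not '*' (still a usable hash?)"; _rc=1; }
  [ "$_rc" -eq 0 ] && echo "$3: disabled (shell /bin/false, password *)"
  return "$_rc"
}

# permit_root_login SSHD_CONFIG
# Prints the effective PermitRootLogin value (last uncommented directive
# wins, as sshd reads it), or "unset" if the file has none.
permit_root_login() {
  awk 'tolower($1) == "permitrootlogin" { v = $2 }
       END { print (v == "" ? "unset" : v) }' "$1"
}

# write_sample_files DIR
# Constructed sample data for a stand-alone run: root already disabled,
# admin still untouched, root-admin missing, PermitRootLogin set to yes.
write_sample_files() {
  printf '%s\n' 'root:x:0:0:root:/root:/bin/false' \
    'admin:x:500:500:Admin:/home/admin:/bin/bash' > "$1/passwd"
  printf '%s\n' 'root:*:12000:0:99999:7:::' \
    'admin:$1$ab/cdefg$ZZZZZZZZZZZZZZZZZZZZZ.:12000:0:99999:7:::' > "$1/shadow"
  printf '%s\n' '# PermitRootLogin no' 'PermitRootLogin yes' > "$1/sshd_config"
}

d=$(mktemp -d)
write_sample_files "$d"
for u in root admin root-admin; do account_disabled "$d/passwd" "$d/shadow" "$u"; done
echo "PermitRootLogin: $(permit_root_login "$d/sshd_config")"
rm -r "$d"
```

On a live box, call account_disabled /etc/passwd /etc/shadow root (and admin, root-admin) as root; any line other than "disabled" means that step was not completed for that account.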
Now there you go. You have two new users on your system. You got rid
of "root", the #1 known super-user account. You got rid of "admin" &
"root-admin", which are well-known Cobalt / BlueQuartz usernames and
passwords. And you have made your system that much more secure. If
you name your new users something like "brian" or "joe", or any
short, commonly known word, that is your bad, and you will be
hacked!
Good luck to you!
Thanks,
Brian N. Smith